Does signing the app protect against tampering with the file?

Question

I'm not familiar with the idea of signing files, and I can't find a satisfactory answer so far, so I think I'd better ask:

What I want to know is when signing a binary file (for Android), does the signing tool assign some sort of checksum to the file so that when a hacker changed something in the apk file, the program would refuse to start because the checksum doesn't match. Does this mechanism exist in Android's signing tool?

Well, I understand when a hacker has the binary, he can disable anything he wants, including the checksum check. But the question is: Does Android's signing tool provide this level or protection in the first place?

Thank you for reading, and answering!

Answer 1

The answers that say "no, they can't modify your apk" are only about halfway right: Yes, no one can modify your code and resign it with your key, meaning the malicious cracker can't make the modified app look like it actually came from you. But that doesn't mean they can't modify and run the APK after resigning it with a different key.

They could take your signed APK, modify its code, and resign it themselves with their own key; they couldn't issue that app as an update or anything like that, but the modified self-signed APK would normally be installable by any user, root or not.

EDIT: Worth crawling around xda-developers to see what people are doing in that respect (some semi-legitimate, like modifying and reissuing theme APKs; other much less so). Tools like android-apktool are particularly interesting.

Also see these SO questions:

• Can I re-sign an .apk with a different certificate than what it came with?
• is it even possible to modify .apk, by adding additional class to .dex and re-packing with modified manifest.xml?

Answer 2

Android binary signing is accomplished using the Jarsigner tool, part of the standard Java SDK. Signing a jar with this tool simply adds two files; one that contains the hashed values for each file within the jar/application (the signature or .sf file), and one that verifies the signature file and identifies the signing certificate (DSA file).

So checking the signature would, yes, necessarily involve checking whether the hashes of the binary file match the provided value, which would detect any changes to the binary. And yes, the Android documentation says that the system will not install or run an application without a valid signature.

So yes, you can assume that signing your file properly will prevent it from running after being altered.